| File name: | EasyOs.bat |
| Full analysis: | https://app.any.run/tasks/7cdc4b82-d7df-45de-9fd1-8f949265c387 |
| Verdict: | Malicious activity |
| Analysis date: | January 25, 2022, 02:07:56 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | text/x-msdos-batch |
| File info: | DOS batch file, UTF-8 Unicode text, with CRLF line terminators |
| MD5: | 8B30FB9FAF7563762E1C4D310431A31C |
| SHA1: | B3E056141A01BF91997727FA68F47082B16EED22 |
| SHA256: | B96E13CD40185D50324D4EC3B5E72A483CBFBE0B543D4BE5F1D3B4DF7F82B9D2 |
| SSDEEP: | 192:5xEmtLWPlFVw8FcDCMDEQBej7zfzi4wQ2Rw:5xhtklBcuMDWzfzi4wQ9 |
MALICIOUS
No malicious indicators.SUSPICIOUS
Checks supported languages
- cmd.exe (PID: 576)
- cmd.exe (PID: 3252)
- cmd.exe (PID: 392)
- cmd.exe (PID: 3096)
- cmd.exe (PID: 760)
- cmd.exe (PID: 2524)
- cmd.exe (PID: 804)
- cmd.exe (PID: 852)
- cmd.exe (PID: 3092)
- cmd.exe (PID: 3020)
- cmd.exe (PID: 1524)
- cmd.exe (PID: 3836)
- cmd.exe (PID: 672)
- cmd.exe (PID: 3264)
- cmd.exe (PID: 1512)
- cmd.exe (PID: 3452)
- cmd.exe (PID: 1800)
- cmd.exe (PID: 2044)
- cmd.exe (PID: 3692)
- cmd.exe (PID: 3268)
- cmd.exe (PID: 3804)
- cmd.exe (PID: 1368)
- cmd.exe (PID: 3628)
- cmd.exe (PID: 3028)
- cmd.exe (PID: 1304)
- cmd.exe (PID: 3888)
- cmd.exe (PID: 3224)
- cmd.exe (PID: 2708)
- cmd.exe (PID: 2172)
- cmd.exe (PID: 2248)
- cmd.exe (PID: 3340)
- cmd.exe (PID: 4084)
- cmd.exe (PID: 3052)
- cmd.exe (PID: 3368)
- cmd.exe (PID: 1116)
- cmd.exe (PID: 2148)
- cmd.exe (PID: 4064)
- cmd.exe (PID: 3316)
- cmd.exe (PID: 1988)
- cmd.exe (PID: 3980)
- cmd.exe (PID: 3264)
- cmd.exe (PID: 2132)
- cmd.exe (PID: 3836)
- cmd.exe (PID: 3988)
- cmd.exe (PID: 2472)
- cmd.exe (PID: 2960)
- cmd.exe (PID: 3584)
- cmd.exe (PID: 1512)
- cmd.exe (PID: 3804)
- cmd.exe (PID: 272)
- cmd.exe (PID: 1472)
- cmd.exe (PID: 3624)
- cmd.exe (PID: 4080)
- cmd.exe (PID: 1404)
- cmd.exe (PID: 3016)
- cmd.exe (PID: 2180)
- cmd.exe (PID: 2456)
- cmd.exe (PID: 2572)
- cmd.exe (PID: 1372)
- cmd.exe (PID: 2244)
- cmd.exe (PID: 3332)
- cmd.exe (PID: 1284)
- cmd.exe (PID: 3468)
- cmd.exe (PID: 2456)
- cmd.exe (PID: 3012)
- cmd.exe (PID: 3336)
- cmd.exe (PID: 1688)
- cmd.exe (PID: 2284)
- cmd.exe (PID: 2808)
- cmd.exe (PID: 1600)
- cmd.exe (PID: 3124)
- cmd.exe (PID: 1284)
- cmd.exe (PID: 524)
- cmd.exe (PID: 2136)
- cmd.exe (PID: 3276)
- cmd.exe (PID: 3820)
- cmd.exe (PID: 1252)
- cmd.exe (PID: 3088)
- cmd.exe (PID: 3380)
- cmd.exe (PID: 1888)
- cmd.exe (PID: 2888)
- cmd.exe (PID: 2720)
- cmd.exe (PID: 1332)
- cmd.exe (PID: 2968)
- cmd.exe (PID: 3768)
- cmd.exe (PID: 3112)
- cmd.exe (PID: 4076)
- cmd.exe (PID: 3428)
- cmd.exe (PID: 2264)
- cmd.exe (PID: 2572)
- cmd.exe (PID: 2640)
- cmd.exe (PID: 3400)
- cmd.exe (PID: 964)
- cmd.exe (PID: 2908)
- cmd.exe (PID: 2868)
- cmd.exe (PID: 1228)
- cmd.exe (PID: 3728)
- cmd.exe (PID: 1728)
- cmd.exe (PID: 3060)
- cmd.exe (PID: 2688)
- cmd.exe (PID: 3816)
- cmd.exe (PID: 2088)
- cmd.exe (PID: 2024)
- cmd.exe (PID: 3188)
- cmd.exe (PID: 1652)
- cmd.exe (PID: 524)
- cmd.exe (PID: 1500)
- cmd.exe (PID: 3144)
- cmd.exe (PID: 2824)
- cmd.exe (PID: 1164)
- cmd.exe (PID: 3752)
- cmd.exe (PID: 760)
- cmd.exe (PID: 3096)
- cmd.exe (PID: 2524)
- cmd.exe (PID: 3016)
- cmd.exe (PID: 3680)
- cmd.exe (PID: 1236)
- cmd.exe (PID: 2752)
- cmd.exe (PID: 3024)
- cmd.exe (PID: 2816)
- cmd.exe (PID: 2588)
- cmd.exe (PID: 3608)
- cmd.exe (PID: 3888)
- cmd.exe (PID: 3196)
- cmd.exe (PID: 2628)
- cmd.exe (PID: 2528)
- cmd.exe (PID: 560)
- cmd.exe (PID: 3520)
- cmd.exe (PID: 2768)
- cmd.exe (PID: 3280)
- cmd.exe (PID: 2312)
- cmd.exe (PID: 1644)
- cmd.exe (PID: 868)
- cmd.exe (PID: 2856)
- cmd.exe (PID: 2520)
- cmd.exe (PID: 2280)
- cmd.exe (PID: 3932)
- cmd.exe (PID: 2824)
- cmd.exe (PID: 3752)
- cmd.exe (PID: 3632)
- cmd.exe (PID: 600)
- cmd.exe (PID: 564)
- cmd.exe (PID: 1696)
- cmd.exe (PID: 2868)
- cmd.exe (PID: 3028)
- cmd.exe (PID: 3780)
- cmd.exe (PID: 1852)
- cmd.exe (PID: 2404)
- cmd.exe (PID: 1636)
- cmd.exe (PID: 2800)
- cmd.exe (PID: 1524)
- cmd.exe (PID: 2972)
- cmd.exe (PID: 3024)
- cmd.exe (PID: 3472)
- cmd.exe (PID: 2220)
- cmd.exe (PID: 3680)
- cmd.exe (PID: 3748)
- cmd.exe (PID: 2664)
- cmd.exe (PID: 2920)
- cmd.exe (PID: 3108)
- cmd.exe (PID: 3896)
- cmd.exe (PID: 2420)
- cmd.exe (PID: 712)
- cmd.exe (PID: 3540)
- cmd.exe (PID: 2536)
- cmd.exe (PID: 1592)
- cmd.exe (PID: 3616)
- cmd.exe (PID: 3536)
- cmd.exe (PID: 1888)
- cmd.exe (PID: 4020)
- cmd.exe (PID: 2156)
- cmd.exe (PID: 3060)
- cmd.exe (PID: 3692)
- cmd.exe (PID: 3928)
- cmd.exe (PID: 3716)
- cmd.exe (PID: 804)
- cmd.exe (PID: 2276)
- cmd.exe (PID: 3384)
- cmd.exe (PID: 3164)
- cmd.exe (PID: 2768)
- cmd.exe (PID: 2412)
- cmd.exe (PID: 3900)
- cmd.exe (PID: 3020)
- cmd.exe (PID: 2952)
- cmd.exe (PID: 2832)
- cmd.exe (PID: 3452)
- cmd.exe (PID: 2080)
- cmd.exe (PID: 996)
- cmd.exe (PID: 848)
- cmd.exe (PID: 3060)
- cmd.exe (PID: 3000)
- cmd.exe (PID: 2460)
- cmd.exe (PID: 3908)
- cmd.exe (PID: 1096)
- cmd.exe (PID: 2372)
- cmd.exe (PID: 2828)
- cmd.exe (PID: 2172)
- cmd.exe (PID: 2600)
- cmd.exe (PID: 532)
- cmd.exe (PID: 1228)
- cmd.exe (PID: 3576)
Starts CMD.EXE for commands execution
- cmd.exe (PID: 576)
Application launched itself
- cmd.exe (PID: 576)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
235
Monitored processes
201
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 272 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 392 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 524 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 524 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 532 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 560 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 564 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 576 | C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\EasyOs.bat" " | C:\Windows\system32\cmd.exe | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 3221225786 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 600 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 672 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
Total events
3 217
Read events
3 217
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
0
Text files
3
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 576 | cmd.exe | C:\Users\admin\AppData\Local\Temp\Your_Username.txt | text | |
MD5:CE585C6BA32AC17652D2345118536F9C | SHA256:589C942E748EA16DC86923C4391092707CE22315EB01CB85B0988C6762AA0ED3 | |||
| 576 | cmd.exe | C:\Users\admin\AppData\Local\Temp\data.txt | text | |
MD5:CE585C6BA32AC17652D2345118536F9C | SHA256:589C942E748EA16DC86923C4391092707CE22315EB01CB85B0988C6762AA0ED3 | |||
| 576 | cmd.exe | C:\Users\admin\AppData\Local\Temp\Your_Password.txt | text | |
MD5:CE585C6BA32AC17652D2345118536F9C | SHA256:589C942E748EA16DC86923C4391092707CE22315EB01CB85B0988C6762AA0ED3 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report